Should I remove “Win32/CoinMiner.APN”?

Win32/CoinMiner.APN is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Win32/CoinMiner.APN virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Performs HTTP requests potentially not found in PCAP.
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Checks the version of Bios, possibly for anti-virtualization
  • Checks the CPU name from registry, possibly for anti-virtualization
  • Attempts to modify proxy settings
  • Deletes executed files from disk
  • Harvests cookies for information gathering
  • Collects information to fingerprint the system
  • Uses suspicious command line tools or Windows utilities
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Win32/CoinMiner.APN?

File Info:

name: 0DB96812691ABE599139.mlw
path: /opt/CAPEv2/storage/binaries/2ef91b1f494c8b5d53485cc5749e961f23cf0cb483e47faef0d417dcc8fed48f
crc32: 18B19A57
md5: 0db96812691abe59913943c99dc2516b
sha1: 137721afa78b5092a543c41d8ccedc50e302e3fe
sha256: 2ef91b1f494c8b5d53485cc5749e961f23cf0cb483e47faef0d417dcc8fed48f
sha512: 9e434d3374b4c6a06134487db4c9cade021f26df657dc16fd2a9a936c72ce820b98776e95a5316006c99ca895c66062f8b201433a801dcfe107a884447ee26c9
ssdeep: 196608:J5KwXKAh+JFByTWTIcDrTWuBDiUkT6nP:jKUhiBTIcDOuwUk
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T15D66231273DD8365C771A133B956B7517E7FBC2609A0F96B2FA4393CA830161520EBA3
sha3_384: 21fd30e44a10d65ce97bd720104038ae181b0c42e231ce84cc2eb0f1ac58d1369f000f6a19427826722098ced9c8e940
ep_bytes: e86ace0000e97ffeffffcccc57568b74
timestamp: 2014-11-18 09:34:18

Version Info:

Translation: 0x0809 0x04b0

Win32/CoinMiner.APN also known as:

Bkav: W32.AIDetectNet.01
Lionic: Trojan.Win32.Stampado.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Generic.Ransom.Stampado.F32D3445
ClamAV: Win.Malware.Agent-6365836-0
FireEye: Generic.mg.0db96812691abe59
ALYac: Generic.Ransom.Stampado.F32D3445
Malwarebytes: Generic.Malware/Suspicious
K7AntiVirus: CryptoMiner ( 0054bc511 )
Alibaba: Trojan:Win32/CoinMiner.0a60b6ee
K7GW: CryptoMiner ( 0054bc511 )
Symantec: Trojan.Gen.MBT
tehtris: Generic.Malware
ESET-NOD32: a variant of Win32/CoinMiner.APN
APEX: Malicious
Paloalto: generic.ml
Cynet: Malicious (score: 100)
Kaspersky: Trojan.Win32.Agent.xaeebn
BitDefender: Generic.Ransom.Stampado.F32D3445
NANO-Antivirus: Trojan.Win32.CoinMiner.etabtu
Emsisoft: Generic.Ransom.Stampado.F32D3445 (B)
F-Secure: Trojan.TR/CoinMiner.zfxkw
VIPRE: Generic.Ransom.Stampado.F32D3445
TrendMicro: HEUR_NAMETRICK.A
McAfee-GW-Edition: BehavesLike.Win32.Generic.vc
Trapmine: malicious.high.ml.score
Sophos: Mal/Generic-S
Ikarus: PUA.DownloadSponsor
GData: Generic.Ransom.Stampado.F32D3445 (4x)
Avira: TR/CoinMiner.zfxkw
MAX: malware (ai score=99)
Xcitium: Malware@#1wq78q22sj57x
Arcabit: Generic.Ransom.Stampado.F32D3445 [many]
ZoneAlarm: Trojan.Win32.Agent.xaeebn
Microsoft: Trojan:Win32/Wacatac.B!ml
Google: Detected
AhnLab-V3: Trojan/Win32.Agent.C2141669
McAfee: Artemis!0DB96812691A
VBA32: Trojan.Autoit.Wirus
Cylance: unsafe
Tencent: Win32.Trojan.Agent.Vwhl
MaxSecure: Trojan.Malware.11080410.susgen
Fortinet: PossibleThreat
DeepInstinct: MALICIOUS

How to remove Win32/CoinMiner.APN?

Win32/CoinMiner.APN removal tool:
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.